<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title>volatility.plugins.overlays.linux.linux : API documentation</title>
    <meta content="text/html;charset=utf-8" http-equiv="Content-Type" />
    <link href="apidocs.css" type="text/css" rel="stylesheet" />
    
    
  </head>
  <body>
    <h1 class="module">v.p.o.l.linux : module documentation</h1>
    <p>
      <span id="part">Part of <a href="volatility.html">volatility</a>.<a href="volatility.plugins.html">plugins</a>.<a href="volatility.plugins.overlays.html">overlays</a>.<a href="volatility.plugins.overlays.linux.html">linux</a></span>
      
      
    </p>
    <div>
      
    </div>
    <div>&#64;author:       Brendan Dolan-Gavitt
&#64;license:      GNU General Public License 2.0 or later
&#64;contact:      <a class="rst-reference external" href="mailto:brendandg&#64;gatech.edu" target="_top">brendandg&#64;gatech.edu</a>
&#64;organization: Georgia Institute of Technology<table class="fieldTable"></table></div>

    
    
    <div id="splitTables">
      <table class="children sortable" id="id568">
  
  
<tr class="function">
    
    
    <td>Function</td>
    <td><a href="volatility.plugins.overlays.linux.linux.html#parse_system_map">parse_system_map</a></td>
    <td><span>Parse the symbol file.</span></td>
  </tr><tr class="function">
    
    
    <td>Function</td>
    <td><a href="volatility.plugins.overlays.linux.linux.html#LinuxProfileFactory">LinuxProfileFactory</a></td>
    <td><span>Takes in a zip file, spits out a LinuxProfile class</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.linux_file.html">linux_file</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.hlist_node.html">hlist_node</a></td>
    <td><span>A hlist_node makes a doubly linked list.</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.list_head.html">list_head</a></td>
    <td><span>A list_head makes a doubly linked list.</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.files_struct.html">files_struct</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.kernel_param.html">kernel_param</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.kparam_array.html">kparam_array</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.gate_struct64.html">gate_struct64</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.desc_struct.html">desc_struct</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.module_sect_attr.html">module_sect_attr</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.task_struct.html">task_struct</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.linux_fs_struct.html">linux_fs_struct</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.net_device.html">net_device</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.VolatilityDTB.html">VolatilityDTB</a></td>
    <td><span>A scanner for DTB values.</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.VolatilityLinuxValidAS.html">VolatilityLinuxValidAS</a></td>
    <td><span>An object to check that an address space is a valid Arm Paged space</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.LinuxObjectClasses.html">LinuxObjectClasses</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.LinuxOverlay.html">LinuxOverlay</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.page.html">page</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.mount.html">mount</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.vfsmount.html">vfsmount</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr><tr class="class">
    
    
    <td>Class</td>
    <td><a href="volatility.plugins.overlays.linux.linux.LinuxMountOverlay.html">LinuxMountOverlay</a></td>
    <td><span class="undocumented">Undocumented</span></td>
  </tr>
  
</table>
      
      
    </div>
    
    
    

    <div class="function">
  <a name="volatility.plugins.overlays.linux.linux.parse_system_map">
    
  </a>
  <a name="parse_system_map">
    
  </a>
  <div class="functionHeader">
    
    def
    parse_system_map(data, module):
    
  </div>
  <div class="functionBody">
    
    <div>Parse the symbol file.<table class="fieldTable"></table></div>
  </div>
</div><div class="function">
  <a name="volatility.plugins.overlays.linux.linux.LinuxProfileFactory">
    
  </a>
  <a name="LinuxProfileFactory">
    
  </a>
  <div class="functionHeader">
    
    def
    LinuxProfileFactory(profpkg):
    
  </div>
  <div class="functionBody">
    
    <div>Takes in a zip file, spits out a LinuxProfile class</p>
<p>The zipfile should include at least one .dwarf file
and the appropriate system.map file.</p>
<p>To generate a suitable dwarf file:
dwarfdump -di vmlinux &gt; output.dwarf<table class="fieldTable"></table></div>
  </div>
</div>
    <address>
      <a href="index.html">API Documentation</a> for Volatility 2.2, generated by <a href="http://codespeak.net/~mwh/pydoctor/">pydoctor</a> at 2013-06-24 15:16:10.
    </address>
  </body>
</html>